Ball’s in Their Court: Crypto Custodians Waiting on Regulators to Act

The business of cryptocurrency custody is getting more competitive and lucrative by the day. The most recent announcement has come from Switzerland, where local family-owned bank Maerki Baumann announced on May 29 that it had expanded its cryptocurrency services through the introduction of crypto custody and trading. The private bank first announced its crypto initiatives in 2019 by extending business account services to blockchain companies.

Thanks to regulatory approval from the Swiss Financial Market Supervisory Authority, Maerki Baumann will initially offer trading and custody services on five major cryptos including Bitcoin, Ether, XRP, Bitcoin Cash and Litecoin. The bank’s announcement came a month after the Capital Markets and Technology Association, also based in Switzerland, published a common industry standard for the management and custody of crypto assets.

Dubbed “Digital Assets Custody Standard,” the document attempts to elucidate how the custody of digital assets differs from that of traditional assets. Having identified the differences, the CMTA then laid down foundational security and operational requirements for crypto custody providers.

Custody for all

It seems that the biggest players in crypto have now turned their attention to the crypto custody sector, as a flurry of deals and partnerships were announced during recent months. For example, crypto exchange Bitfinex announced a partnership with London-based digital asset custodian Koine, while the New York-based crypto lending firm Genesis Capital acquired custody startup Volt. Additionally, crypto derivatives platform Bakkt claimed on May 18 that it had onboarded more than 70 crypto custody clients.

Despite the growing custody-related activities, though, regulations around crypto custody remain vague across different jurisdictions. A recent study published by researchers at Leiden Law School in the Netherlands specifically points to the handling of asset retrieval in the event of insolvency as a problematic area.

While experts believe that crypto regulation is needed, given the uniqueness of crypto assets, many regulators continue to treat coins and tokens almost in a similar fashion to traditional assets.

Traditional rules and crypto

To understand why traditional rules are ill-suited for crypto assets, CEO and co-founder of Trustology Alex Batlin believes one should first consider why these rules were enacted initially, telling Cointelegraph:

“The main reason you have the regulations is that, at some point, a custodian made a mistake, or stole money or performed operations they shouldn’t have performed. And these mistakes are typically not easy to spot because most of the record-keeping was always internal to the company.”

For this reason, most rules talk about very stringent record-keeping and transparency, because it’s easier to resolve issues if they are spotted early enough. However, this is based on the premise that only the record-keeping companies have access to the ledgers under custody, and therefore, have to constantly provide means for clients and regulators to audit their internal accounts. “However, the blockchain technology, which powers crypto assets, isn’t haunted by this conundrum since the records are there for everyone to see,” Batlin said.

Digital assets, by design, offer better transparency compared to traditional assets. Still, it’s worth pointing out that the transparency level varies from one custody model to the other. This, along with other unique features such as ownership and immutability makes a case for purpose-built crypto rules.

CMTA’s standard presents a starting point

The digital asset standard that CMTA proposes breaks down the different models by which custodians may operate. The document focused on two institutional-grade custody models. These include pooled and allocated distributed ledger accounts, or DLAs.

In a pooled model, the custodian pulls client assets together in one or several accounts. This model is what most cold storage custody solutions employ. According to CTMA, this model could take two main forms:

Placing client-only assets in one or several pooled DLAs

Co-mingling a custodian’s own assets with client assets across one or several DLAs

In an allocated DLA model, the custodian dedicates one or several DLAs to a single client. In other words, while each DLA may be dedicated to different assets, it cannot be credited to more than one client. Batlin believes these classifications provide insights into the inner workings of different models, and should help regulators develop suitable rules.

For instance, while clients may be able to track funds in pooled DLAs if they know the addresses, they lack the ability to tell whose funds are being moved and if it’s authorized. That’s different for segregated models in which clients can independently monitor their respective accounts and immediately call out any irregularities.

The risk of rigid regulation

At best, the CMTA’s document can only be a starting point for suggesting how the sector should be regulated. Some industry participants believe that it doesn’t take the latest developments in custody tech (multiparty computation) into consideration. Kevin Lehtiniitty, chief technical officer and chief product officer at Prime Trust, spoke to Cointelegraph about the challenges of dealing with rules in different regions:

“Regulations are very jurisdictional. The way we operate in the U.S. is different from Europe and Japan, thanks to jurisdictional regulations. However, since blockchain assets are truly global assets, they need a global regulatory standard and not a jurisdictional standard. Regulators need to take a patient, measured approach, else they risk stifling innovation.”

An example of this problem ensued at the crypto exchange Liquid after it switched to the MPC custodian solution. The exchange said MPC allowed it to reduce its dependence on cold storage by up to 90% while maintaining a “zero-compromise level of security.” Despite the efficiency gains, the exchange had to keep 100% of the funds of its Japan-based clients in cold storage just because of local law. “This sort of disparity in regulations would make some regions less competitive than others,” Michael Shaulov, CEO and co-founder of Fireblocks — an asset transfer network provider — told Cointelegraph, adding:

“All in all, while the standard is good progress, it doesn’t push for the adoption of the newest technologies and that can leave certain custodians behind with offerings that are not as secure or operationally efficient as in other geographies.”

Current state of crypto custody regulations across different jurisdictions

In general, present regulations globally treat crypto custodians in a similar manner to traditional asset keepers without taking into account the distinctiveness of crypto. The more advanced regulations only go as far as defining what constitutes crypto custody and/or setting guidelines for storage allocation between online and offline wallets.

New York

The New York Department of Financial Services, or NYDFS, being one of the most prominent and active financial regulators in the world, was one of the first regulators to make a move to put a leash on crypto trading and payment industry by issuing a Bitlicense. Crypto giants Coinbase and Gemini currently hold the license. However, the law, for the most part, only integrates crypto companies into NYDFS’s already robust financial regulation bracket.

The Bitlicense requires custodians to maintain a USD-denominated surety bond or trust account as security against customers’ funds. The NYDFS’s superintendent determines the amount to be held as security. The law does however prohibit custodians from selling or transferring clients’ assets without their permission.

Wyoming

The U.S. State of Wyoming is the only known geographical region with an advanced regulatory framework for crypto custody. The state goes beyond online-offline storage requirements to purpose-built provisions that address the uniqueness of crypto assets. In November 2019, Wyoming revealed a series of opt-in custody provisions that cover crypto-specific topics like ownership, forks, airdrops and staking, which also clarified that custodians cannot use clients’ assets without their approval.

This differs from the custody of traditional assets, in which owners are de facto creditors whose custodians are surreptitiously doing business — lending and rehypothecation, for instance — with customer assets. What’s more, the rule is clear that “all ancillary or subsidiary proceeds” relating to digital assets in custody are credited to the customers, like proceeds from forks, airdrops, staking and any other event that changes the value of an asset.

Switzerland

The country’s top financial regulator, FINMA, is one of the world’s most active regulators in the crypto space. Last year, the Swiss Federal Council published a draft law relating to digital assets. With regard to custody, the focus is mostly on the handling of client assets in the event of bankruptcy.

The draft amends the Swiss Debt Collection and Bankruptcy Act in that insolvency proceedings should exclude client assets even if they’re held collectively across single or several accounts with the custodian’s assets. This seeks to resolve the challenge of proof-of-ownership arising from the fact that crypto assets are bearer’s assets, compared to traditional securities.

Germany

Germany egan requiring crypto custodians to obtain a license from Jan. 1, 2020, following the implementation of the 5th Anti-Money Laundering Directive legislation, which mandated EU member countries to subject crypto companies to the same Anti-Money Laundering requirements as traditional financial firms.

Germany’s crypto custody regulations are still evolving, however. The German regulatory body Federal Financial Supervisory Authority has so far only made provisions for defining a custodian and what constitutes regulated custodial activities. It remains unclear whether BaFin will develop rules to accommodate the uniqueness of crypto assets.

Japan

After finding itself right in the thick of the 2017 crypto fever, Japan swiftly moved to start regulating crypto activities after the threats of money laundering and terrorist financing became apparent. Any exchange wishing to operate in Japan needs to first obtain a license from the Financial Services Agency, the country’s principal financial regulator. The country presently has 23 FSA-approved crypto exchanges.

In 2020, the FSA expanded its crypto regulatory oversight to include crypto custody via an amendment to the country’s Payment Services Act, under which it regulates crypto exchanges, requiring custodians to register as cryptocurrency exchanges — even if they don’t intermediate the sale and purchase of crypto or buy and sell themselves.

The law also requires custody service providers to keep the majority of customers’ assets offline and in a segregated manner, with no more than 5% of funds kept in hot wallets, and even then, the provider must hold the same amount of crypto of its own in an offline environment as a guarantee.